IMPORTANT: JREF Forums is now the International Skeptics Forum. If you are a past member of the JREF Forums you must agree to the new terms and conditions to post, send PMs, or continue to use the forum as a member. You can view them here, or you will be presented with them when you try to make a post or PM or similar.

Your private information was removed in transferring to the new forum. If you'd like to import it please see the instructions in this thread to approve transfer.
If you are having problems accessing the Forum you can contact Darat at isforum@internationalskeptics.com, please include your username and forum email address in any email.
NOTE:** TAPATALK access is currently disabled **. This is just while we work out how to ensure people have to agree to the T&Cs before posting here via Tapatalk

Welcome to the International Skeptics Forum, where we discuss skepticism, critical thinking, the paranormal and science in a friendly but lively way. You are currently viewing the forum as a guest, which means you are missing out on discussing matters that are of interest to you. Please consider
registering so you can gain full use of the forum features and interact with other Members. Registration is simple, fast and free! Click here to register today.

Do you click on links in emails that claim to originate from your banking institution? Why not?

RayG

Originally Posted by TheL8Elvis

I don't think I have find any links that I could identify from the url that would crash my browser.

I understand there is usually some context around the url/ip - but I think we can probably all agree that unsolicited links in email are generally bad to follow. We can probably even empirically prove that they are more likely to try to do something bad empirically.

If an IP address was returned in a search result, would that make it less suspicious ?

I tried to cover the email links as a more specific case, above.

But yes, I sometimes follow them if I am curious to see what the current scam is. It's usually just a phishing page trying to get my credentials.

No, of course not. You can do all sorts of things after someone has clicked, for example - redirects and stuff. And I'm not talking about popups and tooltips. You can see the actual url of a link you're hovering over in the status bar. Normal html doesn't let you change that. Combined with a reasonable amount of common sense, it's a reasonable rule of thumb.

Bottom line - anything you do on the internet can potentially be risky. It all depends how much effort someone wants to expend on it.

'Normal' JavaScript can change what is shown in the status bar, if allowed by the browser.

Well, there's a difference between not clicking because of a "woo" reason and not clicking because of "better safe than sorry". Or just call it "lazy" if you want.

Or perhaps "I'm not going to be a beta-tester (or a beta-clicker ) for your link". (This is in reference to the people who always read a few posts ahead to make sure someone else already clicked on the link first.)

And does being extra-careful mean you thin knon-technical people should just never follow links ? If you do that, how do you manage to search for anything on the Internet and find results ?

There are a few tell-tale signs that a site is using scripts to do something. For a start, there's usually some delay as the script executes. If you're being redirected, you'll usually see the original url in the address bar get replaced with a different url.

Really, it's simply a case of experience, observation, common sense, and a couple of general rules of thumb. There's no 100% reliable System that will infallibly tell you what to click on and what not to, but by stopping to think a little bit before clicking, you can avoid most of the common pitfalls.

__________________Some men just want to watch the world burn - and I think we're dealing with one of them here this evening.
- Senator Christine Milne, 30 October 2014

There are a few tell-tale signs that a site is using scripts to do something. For a start, there's usually some delay as the script executes. If you're being redirected, you'll usually see the original url in the address bar get replaced with a different url.

Scripts to do something, or to do something bad ? Unless you examine the source of every web page you visit, you aren't going to know if the JS running is benign or not.

Originally Posted by arthwollipot

Really, it's simply a case of experience, observation, common sense, and a couple of general rules of thumb. There's no 100% reliable System that will infallibly tell you what to click on and what not to, but by stopping to think a little bit before clicking, you can avoid most of the common pitfalls.

I guess I am questioning how accurate or beneficial that so called 'common sense' is. If someone opposed to using vaccines claimed it was all just 'common sense' - would that be an acceptable answer around here ? Obviously not.

It seems like it should be eminently demonstrable whether or not avoiding links consisting of ip addresses versus a domain name is going to actually keep you any safer, or not. Or whether running noscript keeps you safer than simply keeping your software up to date.

IOW - I haven't seen the proof that 'better safe than sorry' is actually true.

Scripts to do something, or to do something bad ? Unless you examine the source of every web page you visit, you aren't going to know if the JS running is benign or not.

Which is why many people use a browser plugin to just block all scripts.

Originally Posted by TheL8Elvis

I guess I am questioning how accurate or beneficial that so called 'common sense' is. If someone opposed to using vaccines claimed it was all just 'common sense' - would that be an acceptable answer around here ? Obviously not.

Bogus comparison.

Originally Posted by TheL8Elvis

It seems like it should be eminently demonstrable whether or not avoiding links consisting of ip addresses versus a domain name is going to actually keep you any safer, or not. Or whether running noscript keeps you safer than simply keeping your software up to date.

IOW - I haven't seen the proof that 'better safe than sorry' is actually true.

Which is why many people use a browser plugin to just block all scripts.

Yes, and I question if there is evidence that is really beneficial for the average user.

Originally Posted by arthwollipot

Bogus comparison.

It wasn't the worlds best analogy, admittedly. But do you not see anything analogous ? Nobody in this thread has provided a shred of evidence about which links are actually dangerous to follow, just lots of common sense and things they know. Backing up claims like that isn't really accepted in any other discussions on JREF, why is it acceptable here ?

Seriously, I have seen many posters around here clamoring about how they would never follow this link or that because it would be potentially unsafe (not just because there was no explanation or summary or something like that.)

If I'm not sure about the safety of a link, I simply start a "Linux Live CD" via VirtualBox and open the link within the included Linux browser ... This way it's absolutely safe to open the link since the site isn't running on a installed system anyway.

Except for twitter, URL shorteners have no usefull purpose. I reject them just because I don't like the idea of a third party being able to track the users of the link. I will also trim the tracking tags off most links that I post.

Quote:

Now, the only way you can find out what that links to is by clicking on it. If I wanted to send you to a site that would automatically download something to your computer without your knowledge, this would be a good way of doing it. It's a way of tricking you into visiting what I want you to visit.

With tinyurl and most similar sites, there is a way get a preview before following the link: http://tinyurl.com/preview.php you can even set a cookie so this will be the default.

Except for twitter, URL shorteners have no usefull purpose. I reject them just because I don't like the idea of a third party being able to track the users of the link. I will also trim the tracking tags off most links that I post.

You say URL shorteners have no useful purpose, but then immediately talk about one. Tracking. It may not be useful to you, but that does not mean it is not useful.

Also, why not a short URL for text messages, if you admit it is useful for twitter ?

Originally Posted by Dan O.

With tinyurl and most similar sites, there is a way get a preview before following the link: http://tinyurl.com/preview.php you can even set a cookie so this will be the default.

On my work windows machine I might be concerned about clicking links if I'm not entirely sure where they are going. Not for security reasons, on the work laptop my browser is sand boxed but just in case it has NSFW content on it!

I'd happily click an IP address. I'm not going to be afraid of a link because it's shown as an IP address and not a nice readable name, not all bad sites are called thissiteisevilandwillrapeyouifyouclickonthislink.c om

That was intended to give you some links to safe browsing guides written by internet security professionals, which is something that I am not. If you really want answers to your questions, internet security professionals will have them. After all, it's their job.

Originally Posted by Dan O.

Except for twitter, URL shorteners have no usefull purpose.

Twitter auto-shortens links without obscuring them. URL shorteners are even more pointless on Twitter than they are elsewhere.

Originally Posted by Dan O.

I will also trim the tracking tags off most links that I post.

Tracking tags actually serve a useful purpose. If I click a link that I receive on a newsletter, for example, it's useful to the publisher of the newsletter to know that my web page hit came from that newsletter. However, if I then want to put that link on my blog, I shouldn't include the tracking code, because that will then report to the publisher that all the clicks on my blog were actually clicks on their newsletter, which is false.

Anyway, tracking code is big and scary and a lot of people don't understand where they begin, and what part of a URL is the important part. (Hint: it's usually the bit that precedes the question mark. But not always.)

__________________Some men just want to watch the world burn - and I think we're dealing with one of them here this evening.
- Senator Christine Milne, 30 October 2014